[PATCH] Fix filp being passed through raw ioctl handler
[linux-2.6/verdex.git] / drivers / usb / class / bluetty.c
blob524023327c4900a18493c6691015a4fbf143af2b
1 /*
2 * bluetty.c Version 0.13
4 * Copyright (C) 2000, 2001 Greg Kroah-Hartman <greg@kroah.com>
5 * Copyright (C) 2000 Mark Douglas Corner <mcorner@umich.edu>
7 * USB Bluetooth TTY driver, based on the Bluetooth Spec version 1.0B
8 *
9 * (2001/11/30) Version 0.13 gkh
10 * - added locking patch from Masoodur Rahman <rmasoodu@in.ibm.com>
11 * - removed active variable, as open_count will do.
13 * (2001/07/09) Version 0.12 gkh
14 * - removed in_interrupt() call, as it doesn't make sense to do
15 * that anymore.
17 * (2001/06/05) Version 0.11 gkh
18 * - Fixed problem with read urb status saying that we have shutdown,
19 * and that we shouldn't resubmit the urb. Patch from unknown.
21 * (2001/05/28) Version 0.10 gkh
22 * - Fixed problem with using data from userspace in the bluetooth_write
23 * function as found by the CHECKER project.
24 * - Added a buffer to the write_urb_pool which reduces the number of
25 * buffers being created and destroyed for ever write. Also cleans
26 * up the logic a bit.
27 * - Added a buffer to the control_urb_pool which fixes a memory leak
28 * when the device is removed from the system.
30 * (2001/05/28) Version 0.9 gkh
31 * Fixed problem with bluetooth==NULL for bluetooth_read_bulk_callback
32 * which was found by both the CHECKER project and Mikko Rahkonen.
34 * (08/04/2001) gb
35 * Identify version on module load.
37 * (2001/03/10) Version 0.8 gkh
38 * Fixed problem with not unlinking interrupt urb on device close
39 * and resubmitting the read urb on error with bluetooth struct.
40 * Thanks to Narayan Mohanram <narayan@RovingNetworks.com> for the
41 * fixes.
43 * (11/29/2000) Version 0.7 gkh
44 * Fixed problem with overrunning the tty flip buffer.
45 * Removed unneeded NULL pointer initialization.
47 * (10/05/2000) Version 0.6 gkh
48 * Fixed bug with urb->dev not being set properly, now that the usb
49 * core needs it.
50 * Got a real major id number and name.
52 * (08/06/2000) Version 0.5 gkh
53 * Fixed problem of not resubmitting the bulk read urb if there is
54 * an error in the callback. Ericsson devices seem to need this.
56 * (07/11/2000) Version 0.4 gkh
57 * Fixed bug in disconnect for when we call tty_hangup
58 * Fixed bug in bluetooth_ctrl_msg where the bluetooth struct was not
59 * getting attached to the control urb properly.
60 * Fixed bug in bluetooth_write where we pay attention to the result
61 * of bluetooth_ctrl_msg.
63 * (08/03/2000) Version 0.3 gkh mdc
64 * Merged in Mark's changes to make the driver play nice with the Axis
65 * stack.
66 * Made the write bulk use an urb pool to enable larger transfers with
67 * fewer calls to the driver.
68 * Fixed off by one bug in acl pkt receive
69 * Made packet counters specific to each bluetooth device
70 * Added checks for zero length callbacks
71 * Added buffers for int and bulk packets. Had to do this otherwise
72 * packet types could intermingle.
73 * Made a control urb pool for the control messages.
75 * (07/11/2000) Version 0.2 gkh
76 * Fixed a small bug found by Nils Faerber in the usb_bluetooth_probe
77 * function.
79 * (07/09/2000) Version 0.1 gkh
80 * Initial release. Has support for sending ACL data (which is really just
81 * a HCI frame.) Raw HCI commands and HCI events are not supported.
82 * A ioctl will probably be needed for the HCI commands and events in the
83 * future. All isoch endpoints are ignored at this time also.
84 * This driver should work for all currently shipping USB Bluetooth
85 * devices at this time :)
90 * This program is free software; you can redistribute it and/or modify
91 * it under the terms of the GNU General Public License as published by
92 * the Free Software Foundation; either version 2 of the License, or
93 * (at your option) any later version.
95 * This program is distributed in the hope that it will be useful,
96 * but WITHOUT ANY WARRANTY; without even the implied warranty of
97 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
98 * GNU General Public License for more details.
100 * You should have received a copy of the GNU General Public License
101 * along with this program; if not, write to the Free Software
102 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
106 #include <linux/kernel.h>
107 #include <linux/errno.h>
108 #include <linux/init.h>
109 #include <linux/slab.h>
110 #include <linux/tty.h>
111 #include <linux/tty_driver.h>
112 #include <linux/tty_flip.h>
113 #include <linux/module.h>
114 #include <asm/uaccess.h>
116 #define DEBUG
117 #include <linux/usb.h>
120 * Version Information
122 #define DRIVER_VERSION "v0.13"
123 #define DRIVER_AUTHOR "Greg Kroah-Hartman, Mark Douglas Corner"
124 #define DRIVER_DESC "USB Bluetooth tty driver"
126 /* define this if you have hardware that is not good */
127 /*#define BTBUGGYHARDWARE */
129 /* Class, SubClass, and Protocol codes that describe a Bluetooth device */
130 #define WIRELESS_CLASS_CODE 0xe0
131 #define RF_SUBCLASS_CODE 0x01
132 #define BLUETOOTH_PROGRAMMING_PROTOCOL_CODE 0x01
135 #define BLUETOOTH_TTY_MAJOR 216 /* real device node major id */
136 #define BLUETOOTH_TTY_MINORS 256 /* whole lotta bluetooth devices */
138 #define USB_BLUETOOTH_MAGIC 0x6d02 /* magic number for bluetooth struct */
140 #define BLUETOOTH_CONTROL_REQUEST_TYPE 0x20
142 /* Bluetooth packet types */
143 #define CMD_PKT 0x01
144 #define ACL_PKT 0x02
145 #define SCO_PKT 0x03
146 #define EVENT_PKT 0x04
147 #define ERROR_PKT 0x05
148 #define NEG_PKT 0x06
150 /* Message sizes */
151 #define MAX_EVENT_SIZE 0xFF
152 #define EVENT_HDR_SIZE 3 /* 2 for the header + 1 for the type indicator */
153 #define EVENT_BUFFER_SIZE (MAX_EVENT_SIZE + EVENT_HDR_SIZE)
155 #define MAX_ACL_SIZE 0xFFFF
156 #define ACL_HDR_SIZE 5 /* 4 for the header + 1 for the type indicator */
157 #define ACL_BUFFER_SIZE (MAX_ACL_SIZE + ACL_HDR_SIZE)
159 /* parity check flag */
160 #define RELEVANT_IFLAG(iflag) (iflag & (IGNBRK|BRKINT|IGNPAR|PARMRK|INPCK))
162 #define CHAR2INT16(c1,c0) (((u32)((c1) & 0xff) << 8) + (u32)((c0) & 0xff))
164 #define NUM_BULK_URBS 24
165 #define NUM_CONTROL_URBS 16
167 struct usb_bluetooth {
168 int magic;
169 struct usb_device * dev;
170 struct tty_driver * tty_driver; /* the tty_driver for this device */
171 struct tty_struct * tty; /* the corresponding tty for this port */
173 unsigned char minor; /* the starting minor number for this device */
174 int throttle; /* throttled by tty layer */
175 int open_count;
177 __u8 control_out_bInterfaceNum;
178 struct urb * control_urb_pool[NUM_CONTROL_URBS];
179 struct usb_ctrlrequest dr[NUM_CONTROL_URBS];
181 unsigned char * interrupt_in_buffer;
182 struct urb * interrupt_in_urb;
183 __u8 interrupt_in_endpointAddress;
184 __u8 interrupt_in_interval;
185 int interrupt_in_buffer_size;
187 unsigned char * bulk_in_buffer;
188 struct urb * read_urb;
189 __u8 bulk_in_endpointAddress;
190 int bulk_in_buffer_size;
192 int bulk_out_buffer_size;
193 __u8 bulk_out_endpointAddress;
195 wait_queue_head_t write_wait;
197 struct work_struct work; /* work queue entry for line discipline waking up */
199 unsigned int int_packet_pos;
200 unsigned char int_buffer[EVENT_BUFFER_SIZE];
201 unsigned int bulk_packet_pos;
202 unsigned char bulk_buffer[ACL_BUFFER_SIZE]; /* 64k preallocated, fix? */
203 struct semaphore lock;
207 /* local function prototypes */
208 static int bluetooth_open (struct tty_struct *tty, struct file *filp);
209 static void bluetooth_close (struct tty_struct *tty, struct file *filp);
210 static int bluetooth_write (struct tty_struct *tty, const unsigned char *buf, int count);
211 static int bluetooth_write_room (struct tty_struct *tty);
212 static int bluetooth_chars_in_buffer (struct tty_struct *tty);
213 static void bluetooth_throttle (struct tty_struct *tty);
214 static void bluetooth_unthrottle (struct tty_struct *tty);
215 static int bluetooth_ioctl (struct tty_struct *tty, struct file *file, unsigned int cmd, unsigned long arg);
216 static void bluetooth_set_termios (struct tty_struct *tty, struct termios *old);
218 static void bluetooth_int_callback (struct urb *urb, struct pt_regs *regs);
219 static void bluetooth_ctrl_callback (struct urb *urb, struct pt_regs *regs);
220 static void bluetooth_read_bulk_callback (struct urb *urb, struct pt_regs *regs);
221 static void bluetooth_write_bulk_callback (struct urb *urb, struct pt_regs *regs);
223 static int usb_bluetooth_probe (struct usb_interface *intf,
224 const struct usb_device_id *id);
225 static void usb_bluetooth_disconnect (struct usb_interface *intf);
228 static struct usb_device_id usb_bluetooth_ids [] = {
229 { USB_DEVICE_INFO(WIRELESS_CLASS_CODE, RF_SUBCLASS_CODE, BLUETOOTH_PROGRAMMING_PROTOCOL_CODE) },
230 { } /* Terminating entry */
233 MODULE_DEVICE_TABLE (usb, usb_bluetooth_ids);
235 static struct usb_driver usb_bluetooth_driver = {
236 .owner = THIS_MODULE,
237 .name = "bluetty",
238 .probe = usb_bluetooth_probe,
239 .disconnect = usb_bluetooth_disconnect,
240 .id_table = usb_bluetooth_ids,
243 static struct tty_driver *bluetooth_tty_driver;
244 static struct usb_bluetooth *bluetooth_table[BLUETOOTH_TTY_MINORS];
247 static inline int bluetooth_paranoia_check (struct usb_bluetooth *bluetooth, const char *function)
249 if (!bluetooth) {
250 dbg("%s - bluetooth == NULL", function);
251 return -1;
253 if (bluetooth->magic != USB_BLUETOOTH_MAGIC) {
254 dbg("%s - bad magic number for bluetooth", function);
255 return -1;
258 return 0;
262 static inline struct usb_bluetooth* get_usb_bluetooth (struct usb_bluetooth *bluetooth, const char *function)
264 if (!bluetooth ||
265 bluetooth_paranoia_check (bluetooth, function)) {
266 /* then say that we don't have a valid usb_bluetooth thing, which will
267 * end up generating -ENODEV return values */
268 return NULL;
271 return bluetooth;
275 static inline struct usb_bluetooth *get_bluetooth_by_index (int index)
277 return bluetooth_table[index];
281 static int bluetooth_ctrl_msg (struct usb_bluetooth *bluetooth, int request, int value, const unsigned char *buf, int len)
283 struct urb *urb = NULL;
284 struct usb_ctrlrequest *dr = NULL;
285 int i;
286 int status;
288 dbg ("%s", __FUNCTION__);
290 /* try to find a free urb in our list */
291 for (i = 0; i < NUM_CONTROL_URBS; ++i) {
292 if (bluetooth->control_urb_pool[i]->status != -EINPROGRESS) {
293 urb = bluetooth->control_urb_pool[i];
294 dr = &bluetooth->dr[i];
295 break;
298 if (urb == NULL) {
299 dbg ("%s - no free urbs", __FUNCTION__);
300 return -ENOMEM;
303 /* keep increasing the urb transfer buffer to fit the size of the message */
304 if (urb->transfer_buffer == NULL) {
305 urb->transfer_buffer = kmalloc (len, GFP_KERNEL);
306 if (urb->transfer_buffer == NULL) {
307 err ("%s - out of memory", __FUNCTION__);
308 return -ENOMEM;
311 if (urb->transfer_buffer_length < len) {
312 kfree(urb->transfer_buffer);
313 urb->transfer_buffer = kmalloc (len, GFP_KERNEL);
314 if (urb->transfer_buffer == NULL) {
315 err ("%s - out of memory", __FUNCTION__);
316 return -ENOMEM;
319 memcpy (urb->transfer_buffer, buf, len);
321 dr->bRequestType= BLUETOOTH_CONTROL_REQUEST_TYPE;
322 dr->bRequest = request;
323 dr->wValue = cpu_to_le16((u16) value);
324 dr->wIndex = cpu_to_le16((u16) bluetooth->control_out_bInterfaceNum);
325 dr->wLength = cpu_to_le16((u16) len);
327 usb_fill_control_urb (urb, bluetooth->dev, usb_sndctrlpipe(bluetooth->dev, 0),
328 (unsigned char*)dr, urb->transfer_buffer, len, bluetooth_ctrl_callback, bluetooth);
330 /* send it down the pipe */
331 status = usb_submit_urb(urb, GFP_KERNEL);
332 if (status)
333 dbg("%s - usb_submit_urb(control) failed with status = %d", __FUNCTION__, status);
335 return status;
342 /*****************************************************************************
343 * Driver tty interface functions
344 *****************************************************************************/
345 static int bluetooth_open (struct tty_struct *tty, struct file * filp)
347 struct usb_bluetooth *bluetooth;
348 int result;
350 dbg("%s", __FUNCTION__);
352 /* initialize the pointer incase something fails */
353 tty->driver_data = NULL;
355 /* get the bluetooth object associated with this tty pointer */
356 bluetooth = get_bluetooth_by_index (tty->index);
358 if (bluetooth_paranoia_check (bluetooth, __FUNCTION__)) {
359 return -ENODEV;
362 down (&bluetooth->lock);
364 ++bluetooth->open_count;
365 if (bluetooth->open_count == 1) {
366 /* set up our structure making the tty driver remember our object, and us it */
367 tty->driver_data = bluetooth;
368 bluetooth->tty = tty;
370 /* force low_latency on so that our tty_push actually forces the data through,
371 * otherwise it is scheduled, and with high data rates (like with OHCI) data
372 * can get lost. */
373 bluetooth->tty->low_latency = 1;
375 /* Reset the packet position counters */
376 bluetooth->int_packet_pos = 0;
377 bluetooth->bulk_packet_pos = 0;
379 #ifndef BTBUGGYHARDWARE
380 /* Start reading from the device */
381 usb_fill_bulk_urb (bluetooth->read_urb, bluetooth->dev,
382 usb_rcvbulkpipe(bluetooth->dev, bluetooth->bulk_in_endpointAddress),
383 bluetooth->bulk_in_buffer,
384 bluetooth->bulk_in_buffer_size,
385 bluetooth_read_bulk_callback, bluetooth);
386 result = usb_submit_urb(bluetooth->read_urb, GFP_KERNEL);
387 if (result)
388 dbg("%s - usb_submit_urb(read bulk) failed with status %d", __FUNCTION__, result);
389 #endif
390 usb_fill_int_urb (bluetooth->interrupt_in_urb, bluetooth->dev,
391 usb_rcvintpipe(bluetooth->dev, bluetooth->interrupt_in_endpointAddress),
392 bluetooth->interrupt_in_buffer,
393 bluetooth->interrupt_in_buffer_size,
394 bluetooth_int_callback, bluetooth,
395 bluetooth->interrupt_in_interval);
396 result = usb_submit_urb(bluetooth->interrupt_in_urb, GFP_KERNEL);
397 if (result)
398 dbg("%s - usb_submit_urb(interrupt in) failed with status %d", __FUNCTION__, result);
401 up(&bluetooth->lock);
403 return 0;
407 static void bluetooth_close (struct tty_struct *tty, struct file * filp)
409 struct usb_bluetooth *bluetooth = get_usb_bluetooth ((struct usb_bluetooth *)tty->driver_data, __FUNCTION__);
411 if (!bluetooth) {
412 return;
415 dbg("%s", __FUNCTION__);
417 if (!bluetooth->open_count) {
418 dbg ("%s - device not opened", __FUNCTION__);
419 return;
422 down (&bluetooth->lock);
424 --bluetooth->open_count;
425 if (bluetooth->open_count <= 0) {
426 bluetooth->open_count = 0;
428 /* shutdown any in-flight urbs that we know about */
429 usb_kill_urb (bluetooth->read_urb);
430 usb_kill_urb (bluetooth->interrupt_in_urb);
432 up(&bluetooth->lock);
436 static int bluetooth_write (struct tty_struct * tty, const unsigned char *buf, int count)
438 struct usb_bluetooth *bluetooth = get_usb_bluetooth ((struct usb_bluetooth *)tty->driver_data, __FUNCTION__);
439 struct urb *urb = NULL;
440 unsigned char *temp_buffer = NULL;
441 const unsigned char *current_buffer;
442 unsigned char *urb_buffer;
443 int i;
444 int retval = 0;
446 if (!bluetooth) {
447 return -ENODEV;
450 dbg("%s - %d byte(s)", __FUNCTION__, count);
452 if (!bluetooth->open_count) {
453 dbg ("%s - device not opened", __FUNCTION__);
454 return -EINVAL;
457 if (count == 0) {
458 dbg("%s - write request of 0 bytes", __FUNCTION__);
459 return 0;
461 if (count == 1) {
462 dbg("%s - write request only included type %d", __FUNCTION__, buf[0]);
463 return 1;
466 #ifdef DEBUG
467 printk (KERN_DEBUG __FILE__ ": %s - length = %d, data = ", __FUNCTION__, count);
468 for (i = 0; i < count; ++i) {
469 printk ("%.2x ", buf[i]);
471 printk ("\n");
472 #endif
474 current_buffer = buf;
476 switch (*current_buffer) {
477 /* First byte indicates the type of packet */
478 case CMD_PKT:
479 /* dbg("%s- Send cmd_pkt len:%d", __FUNCTION__, count);*/
481 retval = bluetooth_ctrl_msg (bluetooth, 0x00, 0x00, &current_buffer[1], count-1);
482 if (retval) {
483 goto exit;
485 retval = count;
486 break;
488 case ACL_PKT:
489 ++current_buffer;
490 --count;
492 urb_buffer = kmalloc (count, GFP_ATOMIC);
493 if (!urb_buffer) {
494 dev_err(&bluetooth->dev->dev, "out of memory\n");
495 retval = -ENOMEM;
496 goto exit;
499 urb = usb_alloc_urb(0, GFP_ATOMIC);
500 if (!urb) {
501 dev_err(&bluetooth->dev->dev, "no more free urbs\n");
502 kfree(urb_buffer);
503 retval = -ENOMEM;
504 goto exit;
506 memcpy (urb_buffer, current_buffer, count);
508 /* build up our urb */
509 usb_fill_bulk_urb(urb, bluetooth->dev,
510 usb_sndbulkpipe(bluetooth->dev,
511 bluetooth->bulk_out_endpointAddress),
512 urb_buffer,
513 count,
514 bluetooth_write_bulk_callback,
515 bluetooth);
518 /* send it down the pipe */
519 retval = usb_submit_urb(urb, GFP_KERNEL);
520 if (retval) {
521 dbg("%s - usb_submit_urb(write bulk) failed with error = %d", __FUNCTION__, retval);
522 goto exit;
525 /* we are done with this urb, so let the host driver
526 * really free it when it is finished with it */
527 usb_free_urb (urb);
528 retval = count + 1;
529 break;
531 default :
532 dbg("%s - unsupported (at this time) write type", __FUNCTION__);
533 retval = -EINVAL;
534 break;
537 exit:
538 kfree(temp_buffer);
540 return retval;
544 static int bluetooth_write_room (struct tty_struct *tty)
546 dbg("%s", __FUNCTION__);
549 * We really can take anything the user throws at us
550 * but let's pick a nice big number to tell the tty
551 * layer that we have lots of free space
553 return 2048;
557 static int bluetooth_chars_in_buffer (struct tty_struct *tty)
559 dbg("%s", __FUNCTION__);
562 * We can't really account for how much data we
563 * have sent out, but hasn't made it through to the
564 * device, so just tell the tty layer that everything
565 * is flushed.
567 return 0;
571 static void bluetooth_throttle (struct tty_struct * tty)
573 struct usb_bluetooth *bluetooth = get_usb_bluetooth ((struct usb_bluetooth *)tty->driver_data, __FUNCTION__);
575 if (!bluetooth) {
576 return;
579 dbg("%s", __FUNCTION__);
581 if (!bluetooth->open_count) {
582 dbg ("%s - device not open", __FUNCTION__);
583 return;
586 dbg("%s unsupported (at this time)", __FUNCTION__);
588 return;
592 static void bluetooth_unthrottle (struct tty_struct * tty)
594 struct usb_bluetooth *bluetooth = get_usb_bluetooth ((struct usb_bluetooth *)tty->driver_data, __FUNCTION__);
596 if (!bluetooth) {
597 return;
600 dbg("%s", __FUNCTION__);
602 if (!bluetooth->open_count) {
603 dbg ("%s - device not open", __FUNCTION__);
604 return;
607 dbg("%s unsupported (at this time)", __FUNCTION__);
611 static int bluetooth_ioctl (struct tty_struct *tty, struct file * file, unsigned int cmd, unsigned long arg)
613 struct usb_bluetooth *bluetooth = get_usb_bluetooth ((struct usb_bluetooth *)tty->driver_data, __FUNCTION__);
615 if (!bluetooth) {
616 return -ENODEV;
619 dbg("%s - cmd 0x%.4x", __FUNCTION__, cmd);
621 if (!bluetooth->open_count) {
622 dbg ("%s - device not open", __FUNCTION__);
623 return -ENODEV;
626 /* FIXME!!! */
627 return -ENOIOCTLCMD;
631 static void bluetooth_set_termios (struct tty_struct *tty, struct termios * old)
633 struct usb_bluetooth *bluetooth = get_usb_bluetooth ((struct usb_bluetooth *)tty->driver_data, __FUNCTION__);
635 if (!bluetooth) {
636 return;
639 dbg("%s", __FUNCTION__);
641 if (!bluetooth->open_count) {
642 dbg ("%s - device not open", __FUNCTION__);
643 return;
646 /* FIXME!!! */
648 return;
652 #ifdef BTBUGGYHARDWARE
653 void btusb_enable_bulk_read(struct tty_struct *tty){
654 struct usb_bluetooth *bluetooth = get_usb_bluetooth ((struct usb_bluetooth *)tty->driver_data, __FUNCTION__);
655 int result;
657 if (!bluetooth) {
658 return;
661 dbg("%s", __FUNCTION__);
663 if (!bluetooth->open_count) {
664 dbg ("%s - device not open", __FUNCTION__);
665 return;
668 if (bluetooth->read_urb) {
669 usb_fill_bulk_urb(bluetooth->read_urb, bluetooth->dev,
670 usb_rcvbulkpipe(bluetooth->dev, bluetooth->bulk_in_endpointAddress),
671 bluetooth->bulk_in_buffer, bluetooth->bulk_in_buffer_size,
672 bluetooth_read_bulk_callback, bluetooth);
673 result = usb_submit_urb(bluetooth->read_urb, GFP_KERNEL);
674 if (result)
675 err ("%s - failed submitting read urb, error %d", __FUNCTION__, result);
679 void btusb_disable_bulk_read(struct tty_struct *tty){
680 struct usb_bluetooth *bluetooth = get_usb_bluetooth ((struct usb_bluetooth *)tty->driver_data, __FUNCTION__);
682 if (!bluetooth) {
683 return;
686 dbg("%s", __FUNCTION__);
688 if (!bluetooth->open_count) {
689 dbg ("%s - device not open", __FUNCTION__);
690 return;
693 if ((bluetooth->read_urb) && (bluetooth->read_urb->actual_length))
694 usb_kill_urb(bluetooth->read_urb);
696 #endif
699 /*****************************************************************************
700 * urb callback functions
701 *****************************************************************************/
704 static void bluetooth_int_callback (struct urb *urb, struct pt_regs *regs)
706 struct usb_bluetooth *bluetooth = get_usb_bluetooth ((struct usb_bluetooth *)urb->context, __FUNCTION__);
707 unsigned char *data = urb->transfer_buffer;
708 unsigned int i;
709 unsigned int count = urb->actual_length;
710 unsigned int packet_size;
711 int status;
713 dbg("%s", __FUNCTION__);
715 if (!bluetooth) {
716 dbg("%s - bad bluetooth pointer, exiting", __FUNCTION__);
717 return;
720 switch (urb->status) {
721 case 0:
722 /* success */
723 break;
724 case -ECONNRESET:
725 case -ENOENT:
726 case -ESHUTDOWN:
727 /* this urb is terminated, clean up */
728 dbg("%s - urb shutting down with status: %d", __FUNCTION__, urb->status);
729 return;
730 default:
731 dbg("%s - nonzero urb status received: %d", __FUNCTION__, urb->status);
732 goto exit;
735 if (!count) {
736 dbg("%s - zero length int", __FUNCTION__);
737 goto exit;
741 #ifdef DEBUG
742 if (count) {
743 printk (KERN_DEBUG __FILE__ ": %s- length = %d, data = ", __FUNCTION__, count);
744 for (i = 0; i < count; ++i) {
745 printk ("%.2x ", data[i]);
747 printk ("\n");
749 #endif
751 #ifdef BTBUGGYHARDWARE
752 if ((count >= 2) && (data[0] == 0xFF) && (data[1] == 0x00)) {
753 data += 2;
754 count -= 2;
756 if (count == 0) {
757 urb->actual_length = 0;
758 goto exit;
760 #endif
761 /* We add a packet type identifier to the beginning of each
762 HCI frame. This makes the data in the tty look like a
763 serial USB devices. Each HCI frame can be broken across
764 multiple URBs so we buffer them until we have a full hci
765 packet */
767 if (!bluetooth->int_packet_pos) {
768 bluetooth->int_buffer[0] = EVENT_PKT;
769 bluetooth->int_packet_pos++;
772 if (bluetooth->int_packet_pos + count > EVENT_BUFFER_SIZE) {
773 err("%s - exceeded EVENT_BUFFER_SIZE", __FUNCTION__);
774 bluetooth->int_packet_pos = 0;
775 goto exit;
778 memcpy (&bluetooth->int_buffer[bluetooth->int_packet_pos],
779 urb->transfer_buffer, count);
780 bluetooth->int_packet_pos += count;
781 urb->actual_length = 0;
783 if (bluetooth->int_packet_pos >= EVENT_HDR_SIZE)
784 packet_size = bluetooth->int_buffer[2];
785 else
786 goto exit;
788 if (packet_size + EVENT_HDR_SIZE < bluetooth->int_packet_pos) {
789 err("%s - packet was too long", __FUNCTION__);
790 bluetooth->int_packet_pos = 0;
791 goto exit;
794 if (packet_size + EVENT_HDR_SIZE == bluetooth->int_packet_pos) {
795 for (i = 0; i < bluetooth->int_packet_pos; ++i) {
796 /* if we insert more than TTY_FLIPBUF_SIZE characters, we drop them */
797 if (bluetooth->tty->flip.count >= TTY_FLIPBUF_SIZE) {
798 tty_flip_buffer_push(bluetooth->tty);
800 tty_insert_flip_char(bluetooth->tty, bluetooth->int_buffer[i], 0);
802 tty_flip_buffer_push(bluetooth->tty);
804 bluetooth->int_packet_pos = 0;
807 exit:
808 status = usb_submit_urb (urb, GFP_ATOMIC);
809 if (status)
810 err ("%s - usb_submit_urb failed with result %d",
811 __FUNCTION__, status);
815 static void bluetooth_ctrl_callback (struct urb *urb, struct pt_regs *regs)
817 struct usb_bluetooth *bluetooth = get_usb_bluetooth ((struct usb_bluetooth *)urb->context, __FUNCTION__);
819 dbg("%s", __FUNCTION__);
821 if (!bluetooth) {
822 dbg("%s - bad bluetooth pointer, exiting", __FUNCTION__);
823 return;
826 if (urb->status) {
827 dbg("%s - nonzero read bulk status received: %d", __FUNCTION__, urb->status);
828 return;
833 static void bluetooth_read_bulk_callback (struct urb *urb, struct pt_regs *regs)
835 struct usb_bluetooth *bluetooth = get_usb_bluetooth ((struct usb_bluetooth *)urb->context, __FUNCTION__);
836 unsigned char *data = urb->transfer_buffer;
837 unsigned int count = urb->actual_length;
838 unsigned int i;
839 unsigned int packet_size;
840 int result;
843 dbg("%s", __FUNCTION__);
845 if (!bluetooth) {
846 dbg("%s - bad bluetooth pointer, exiting", __FUNCTION__);
847 return;
850 if (urb->status) {
851 dbg("%s - nonzero read bulk status received: %d", __FUNCTION__, urb->status);
852 if (urb->status == -ENOENT) {
853 dbg("%s - URB canceled, won't reschedule", __FUNCTION__);
854 return;
856 goto exit;
859 if (!count) {
860 dbg("%s - zero length read bulk", __FUNCTION__);
861 goto exit;
864 #ifdef DEBUG
865 if (count) {
866 printk (KERN_DEBUG __FILE__ ": %s- length = %d, data = ", __FUNCTION__, count);
867 for (i = 0; i < count; ++i) {
868 printk ("%.2x ", data[i]);
870 printk ("\n");
872 #endif
873 #ifdef BTBUGGYHARDWARE
874 if ((count == 4) && (data[0] == 0x00) && (data[1] == 0x00)
875 && (data[2] == 0x00) && (data[3] == 0x00)) {
876 urb->actual_length = 0;
877 usb_fill_bulk_urb(bluetooth->read_urb, bluetooth->dev,
878 usb_rcvbulkpipe(bluetooth->dev, bluetooth->bulk_in_endpointAddress),
879 bluetooth->bulk_in_buffer, bluetooth->bulk_in_buffer_size,
880 bluetooth_read_bulk_callback, bluetooth);
881 result = usb_submit_urb(bluetooth->read_urb, GFP_KERNEL);
882 if (result)
883 err ("%s - failed resubmitting read urb, error %d", __FUNCTION__, result);
885 return;
887 #endif
888 /* We add a packet type identifier to the beginning of each
889 HCI frame. This makes the data in the tty look like a
890 serial USB devices. Each HCI frame can be broken across
891 multiple URBs so we buffer them until we have a full hci
892 packet */
894 if (!bluetooth->bulk_packet_pos) {
895 bluetooth->bulk_buffer[0] = ACL_PKT;
896 bluetooth->bulk_packet_pos++;
899 if (bluetooth->bulk_packet_pos + count > ACL_BUFFER_SIZE) {
900 err("%s - exceeded ACL_BUFFER_SIZE", __FUNCTION__);
901 bluetooth->bulk_packet_pos = 0;
902 goto exit;
905 memcpy (&bluetooth->bulk_buffer[bluetooth->bulk_packet_pos],
906 urb->transfer_buffer, count);
907 bluetooth->bulk_packet_pos += count;
908 urb->actual_length = 0;
910 if (bluetooth->bulk_packet_pos >= ACL_HDR_SIZE) {
911 packet_size = CHAR2INT16(bluetooth->bulk_buffer[4],bluetooth->bulk_buffer[3]);
912 } else {
913 goto exit;
916 if (packet_size + ACL_HDR_SIZE < bluetooth->bulk_packet_pos) {
917 err("%s - packet was too long", __FUNCTION__);
918 bluetooth->bulk_packet_pos = 0;
919 goto exit;
922 if (packet_size + ACL_HDR_SIZE == bluetooth->bulk_packet_pos) {
923 for (i = 0; i < bluetooth->bulk_packet_pos; ++i) {
924 /* if we insert more than TTY_FLIPBUF_SIZE characters, we drop them. */
925 if (bluetooth->tty->flip.count >= TTY_FLIPBUF_SIZE) {
926 tty_flip_buffer_push(bluetooth->tty);
928 tty_insert_flip_char(bluetooth->tty, bluetooth->bulk_buffer[i], 0);
930 tty_flip_buffer_push(bluetooth->tty);
931 bluetooth->bulk_packet_pos = 0;
934 exit:
935 if (!bluetooth || !bluetooth->open_count)
936 return;
938 usb_fill_bulk_urb(bluetooth->read_urb, bluetooth->dev,
939 usb_rcvbulkpipe(bluetooth->dev, bluetooth->bulk_in_endpointAddress),
940 bluetooth->bulk_in_buffer, bluetooth->bulk_in_buffer_size,
941 bluetooth_read_bulk_callback, bluetooth);
942 result = usb_submit_urb(bluetooth->read_urb, GFP_KERNEL);
943 if (result)
944 err ("%s - failed resubmitting read urb, error %d", __FUNCTION__, result);
946 return;
950 static void bluetooth_write_bulk_callback (struct urb *urb, struct pt_regs *regs)
952 struct usb_bluetooth *bluetooth = get_usb_bluetooth ((struct usb_bluetooth *)urb->context, __FUNCTION__);
954 dbg("%s", __FUNCTION__);
956 /* free up the transfer buffer, as usb_free_urb() does not do this */
957 kfree(urb->transfer_buffer);
959 if (!bluetooth) {
960 dbg("%s - bad bluetooth pointer, exiting", __FUNCTION__);
961 return;
964 if (urb->status) {
965 dbg("%s - nonzero write bulk status received: %d", __FUNCTION__, urb->status);
966 return;
969 /* wake up our little function to let the tty layer know that something happened */
970 schedule_work(&bluetooth->work);
974 static void bluetooth_softint(void *private)
976 struct usb_bluetooth *bluetooth = get_usb_bluetooth ((struct usb_bluetooth *)private, __FUNCTION__);
978 dbg("%s", __FUNCTION__);
980 if (!bluetooth)
981 return;
983 tty_wakeup(bluetooth->tty);
987 static int usb_bluetooth_probe (struct usb_interface *intf,
988 const struct usb_device_id *id)
990 struct usb_device *dev = interface_to_usbdev (intf);
991 struct usb_bluetooth *bluetooth = NULL;
992 struct usb_host_interface *interface;
993 struct usb_endpoint_descriptor *endpoint;
994 struct usb_endpoint_descriptor *interrupt_in_endpoint[8];
995 struct usb_endpoint_descriptor *bulk_in_endpoint[8];
996 struct usb_endpoint_descriptor *bulk_out_endpoint[8];
997 int control_out_endpoint;
999 int minor;
1000 int buffer_size;
1001 int i;
1002 int num_interrupt_in = 0;
1003 int num_bulk_in = 0;
1004 int num_bulk_out = 0;
1006 interface = intf->cur_altsetting;
1007 control_out_endpoint = interface->desc.bInterfaceNumber;
1009 /* find the endpoints that we need */
1010 for (i = 0; i < interface->desc.bNumEndpoints; ++i) {
1011 endpoint = &interface->endpoint[i].desc;
1013 if ((endpoint->bEndpointAddress & 0x80) &&
1014 ((endpoint->bmAttributes & 3) == 0x02)) {
1015 /* we found a bulk in endpoint */
1016 dbg("found bulk in");
1017 bulk_in_endpoint[num_bulk_in] = endpoint;
1018 ++num_bulk_in;
1021 if (((endpoint->bEndpointAddress & 0x80) == 0x00) &&
1022 ((endpoint->bmAttributes & 3) == 0x02)) {
1023 /* we found a bulk out endpoint */
1024 dbg("found bulk out");
1025 bulk_out_endpoint[num_bulk_out] = endpoint;
1026 ++num_bulk_out;
1029 if ((endpoint->bEndpointAddress & 0x80) &&
1030 ((endpoint->bmAttributes & 3) == 0x03)) {
1031 /* we found a interrupt in endpoint */
1032 dbg("found interrupt in");
1033 interrupt_in_endpoint[num_interrupt_in] = endpoint;
1034 ++num_interrupt_in;
1038 /* according to the spec, we can only have 1 bulk_in, 1 bulk_out, and 1 interrupt_in endpoints */
1039 if ((num_bulk_in != 1) ||
1040 (num_bulk_out != 1) ||
1041 (num_interrupt_in != 1)) {
1042 dbg ("%s - improper number of endpoints. Bluetooth driver not bound.", __FUNCTION__);
1043 return -EIO;
1046 info("USB Bluetooth converter detected");
1048 for (minor = 0; minor < BLUETOOTH_TTY_MINORS && bluetooth_table[minor]; ++minor)
1050 if (bluetooth_table[minor]) {
1051 err("No more free Bluetooth devices");
1052 return -ENODEV;
1055 if (!(bluetooth = kmalloc(sizeof(struct usb_bluetooth), GFP_KERNEL))) {
1056 err("Out of memory");
1057 return -ENOMEM;
1060 memset(bluetooth, 0, sizeof(struct usb_bluetooth));
1062 bluetooth->magic = USB_BLUETOOTH_MAGIC;
1063 bluetooth->dev = dev;
1064 bluetooth->minor = minor;
1065 INIT_WORK(&bluetooth->work, bluetooth_softint, bluetooth);
1066 init_MUTEX(&bluetooth->lock);
1068 /* record the interface number for the control out */
1069 bluetooth->control_out_bInterfaceNum = control_out_endpoint;
1071 /* create our control out urb pool */
1072 for (i = 0; i < NUM_CONTROL_URBS; ++i) {
1073 struct urb *urb = usb_alloc_urb(0, GFP_KERNEL);
1074 if (urb == NULL) {
1075 err("No free urbs available");
1076 goto probe_error;
1078 urb->transfer_buffer = NULL;
1079 bluetooth->control_urb_pool[i] = urb;
1082 /* set up the endpoint information */
1083 endpoint = bulk_in_endpoint[0];
1084 bluetooth->read_urb = usb_alloc_urb (0, GFP_KERNEL);
1085 if (!bluetooth->read_urb) {
1086 err("No free urbs available");
1087 goto probe_error;
1089 bluetooth->bulk_in_buffer_size = buffer_size = le16_to_cpu(endpoint->wMaxPacketSize);
1090 bluetooth->bulk_in_endpointAddress = endpoint->bEndpointAddress;
1091 bluetooth->bulk_in_buffer = kmalloc (buffer_size, GFP_KERNEL);
1092 if (!bluetooth->bulk_in_buffer) {
1093 err("Couldn't allocate bulk_in_buffer");
1094 goto probe_error;
1096 usb_fill_bulk_urb(bluetooth->read_urb, dev, usb_rcvbulkpipe(dev, endpoint->bEndpointAddress),
1097 bluetooth->bulk_in_buffer, buffer_size, bluetooth_read_bulk_callback, bluetooth);
1099 endpoint = bulk_out_endpoint[0];
1100 bluetooth->bulk_out_endpointAddress = endpoint->bEndpointAddress;
1101 bluetooth->bulk_out_buffer_size = le16_to_cpu(endpoint->wMaxPacketSize) * 2;
1103 endpoint = interrupt_in_endpoint[0];
1104 bluetooth->interrupt_in_urb = usb_alloc_urb(0, GFP_KERNEL);
1105 if (!bluetooth->interrupt_in_urb) {
1106 err("No free urbs available");
1107 goto probe_error;
1109 bluetooth->interrupt_in_buffer_size = buffer_size = le16_to_cpu(endpoint->wMaxPacketSize);
1110 bluetooth->interrupt_in_endpointAddress = endpoint->bEndpointAddress;
1111 bluetooth->interrupt_in_interval = endpoint->bInterval;
1112 bluetooth->interrupt_in_buffer = kmalloc (buffer_size, GFP_KERNEL);
1113 if (!bluetooth->interrupt_in_buffer) {
1114 err("Couldn't allocate interrupt_in_buffer");
1115 goto probe_error;
1117 usb_fill_int_urb(bluetooth->interrupt_in_urb, dev, usb_rcvintpipe(dev, endpoint->bEndpointAddress),
1118 bluetooth->interrupt_in_buffer, buffer_size, bluetooth_int_callback,
1119 bluetooth, endpoint->bInterval);
1121 /* initialize the devfs nodes for this device and let the user know what bluetooths we are bound to */
1122 tty_register_device (bluetooth_tty_driver, minor, &intf->dev);
1123 info("Bluetooth converter now attached to ttyUB%d (or usb/ttub/%d for devfs)", minor, minor);
1125 bluetooth_table[minor] = bluetooth;
1127 /* success */
1128 usb_set_intfdata (intf, bluetooth);
1129 return 0;
1131 probe_error:
1132 if (bluetooth->read_urb)
1133 usb_free_urb (bluetooth->read_urb);
1134 if (bluetooth->bulk_in_buffer)
1135 kfree (bluetooth->bulk_in_buffer);
1136 if (bluetooth->interrupt_in_urb)
1137 usb_free_urb (bluetooth->interrupt_in_urb);
1138 if (bluetooth->interrupt_in_buffer)
1139 kfree (bluetooth->interrupt_in_buffer);
1140 for (i = 0; i < NUM_CONTROL_URBS; ++i)
1141 if (bluetooth->control_urb_pool[i]) {
1142 if (bluetooth->control_urb_pool[i]->transfer_buffer)
1143 kfree (bluetooth->control_urb_pool[i]->transfer_buffer);
1144 usb_free_urb (bluetooth->control_urb_pool[i]);
1147 bluetooth_table[minor] = NULL;
1149 /* free up any memory that we allocated */
1150 kfree (bluetooth);
1151 return -EIO;
1155 static void usb_bluetooth_disconnect(struct usb_interface *intf)
1157 struct usb_bluetooth *bluetooth = usb_get_intfdata (intf);
1158 int i;
1160 usb_set_intfdata (intf, NULL);
1161 if (bluetooth) {
1162 if ((bluetooth->open_count) && (bluetooth->tty))
1163 tty_hangup(bluetooth->tty);
1165 bluetooth->open_count = 0;
1167 if (bluetooth->read_urb) {
1168 usb_kill_urb (bluetooth->read_urb);
1169 usb_free_urb (bluetooth->read_urb);
1171 if (bluetooth->bulk_in_buffer)
1172 kfree (bluetooth->bulk_in_buffer);
1174 if (bluetooth->interrupt_in_urb) {
1175 usb_kill_urb (bluetooth->interrupt_in_urb);
1176 usb_free_urb (bluetooth->interrupt_in_urb);
1178 if (bluetooth->interrupt_in_buffer)
1179 kfree (bluetooth->interrupt_in_buffer);
1181 tty_unregister_device (bluetooth_tty_driver, bluetooth->minor);
1183 for (i = 0; i < NUM_CONTROL_URBS; ++i) {
1184 if (bluetooth->control_urb_pool[i]) {
1185 usb_kill_urb (bluetooth->control_urb_pool[i]);
1186 if (bluetooth->control_urb_pool[i]->transfer_buffer)
1187 kfree (bluetooth->control_urb_pool[i]->transfer_buffer);
1188 usb_free_urb (bluetooth->control_urb_pool[i]);
1192 info("Bluetooth converter now disconnected from ttyUB%d", bluetooth->minor);
1194 bluetooth_table[bluetooth->minor] = NULL;
1196 /* free up any memory that we allocated */
1197 kfree (bluetooth);
1198 } else {
1199 info("device disconnected");
1203 static struct tty_operations bluetooth_ops = {
1204 .open = bluetooth_open,
1205 .close = bluetooth_close,
1206 .write = bluetooth_write,
1207 .write_room = bluetooth_write_room,
1208 .ioctl = bluetooth_ioctl,
1209 .set_termios = bluetooth_set_termios,
1210 .throttle = bluetooth_throttle,
1211 .unthrottle = bluetooth_unthrottle,
1212 .chars_in_buffer = bluetooth_chars_in_buffer,
1215 static int usb_bluetooth_init(void)
1217 int i;
1218 int result;
1220 /* Initialize our global data */
1221 for (i = 0; i < BLUETOOTH_TTY_MINORS; ++i) {
1222 bluetooth_table[i] = NULL;
1225 info ("USB Bluetooth support registered");
1227 bluetooth_tty_driver = alloc_tty_driver(BLUETOOTH_TTY_MINORS);
1228 if (!bluetooth_tty_driver)
1229 return -ENOMEM;
1231 bluetooth_tty_driver->owner = THIS_MODULE;
1232 bluetooth_tty_driver->driver_name = "usb-bluetooth";
1233 bluetooth_tty_driver->name = "ttyUB";
1234 bluetooth_tty_driver->devfs_name = "usb/ttub/";
1235 bluetooth_tty_driver->major = BLUETOOTH_TTY_MAJOR;
1236 bluetooth_tty_driver->minor_start = 0;
1237 bluetooth_tty_driver->type = TTY_DRIVER_TYPE_SERIAL;
1238 bluetooth_tty_driver->subtype = SERIAL_TYPE_NORMAL;
1239 bluetooth_tty_driver->flags = TTY_DRIVER_REAL_RAW | TTY_DRIVER_NO_DEVFS;
1240 bluetooth_tty_driver->init_termios = tty_std_termios;
1241 bluetooth_tty_driver->init_termios.c_cflag = B9600 | CS8 | CREAD | HUPCL | CLOCAL;
1242 tty_set_operations(bluetooth_tty_driver, &bluetooth_ops);
1243 if (tty_register_driver (bluetooth_tty_driver)) {
1244 err("%s - failed to register tty driver", __FUNCTION__);
1245 put_tty_driver(bluetooth_tty_driver);
1246 return -1;
1249 /* register the USB driver */
1250 result = usb_register(&usb_bluetooth_driver);
1251 if (result < 0) {
1252 tty_unregister_driver(bluetooth_tty_driver);
1253 put_tty_driver(bluetooth_tty_driver);
1254 err("usb_register failed for the USB bluetooth driver. Error number %d", result);
1255 return -1;
1258 info(DRIVER_DESC " " DRIVER_VERSION);
1260 return 0;
1264 static void usb_bluetooth_exit(void)
1266 usb_deregister(&usb_bluetooth_driver);
1267 tty_unregister_driver(bluetooth_tty_driver);
1268 put_tty_driver(bluetooth_tty_driver);
1272 module_init(usb_bluetooth_init);
1273 module_exit(usb_bluetooth_exit);
1275 /* Module information */
1276 MODULE_AUTHOR( DRIVER_AUTHOR );
1277 MODULE_DESCRIPTION( DRIVER_DESC );
1278 MODULE_LICENSE("GPL");